exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2014-130

Mandriva Linux Security Advisory 2014-130
Posted Jul 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-130 - The unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types. It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query. A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert() function did not correctly compute the truncated pascal string size. Multiple flaws were found in the way file parsed property information from Composite Document Files files, due to insufficient boundary checks on buffers. PHP contains a bundled copy of the file utility's libmagic library, so it was vulnerable to this issue. It has been updated to versions 5.5.14, which fix this issue and several other bugs. The phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue that can cause it to leak arbitrary process memory. Additionally, php-apc has been rebuilt against the updated php packages and the php-timezonedb packages has been upgraded to the 2014.5 version.

tags | advisory, overflow, arbitrary, php
systems | linux, mandriva
advisories | CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-4049, CVE-2014-4721
SHA-256 | 5ed744a983e2662b9a5bd2070c638f3b45433d1680b2079542079edfdfc31778

Mandriva Linux Security Advisory 2014-130

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:130
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : php
Date : July 9, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated php packages fix security vulnerabilities:

The unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type
Confusion issue related to the SPL ArrayObject and SPLObjectStorage
Types (CVE-2014-3515).

It was discovered that PHP is vulnerable to a heap-based buffer
overflow in the DNS TXT record parsing. A malicious server or
man-in-the-middle attacker could possibly use this flaw to execute
arbitrary code as the PHP interpreter if a PHP application uses
dns_get_record() to perform a DNS query (CVE-2014-4049).

A flaw was found in the way file parsed property information from
Composite Document Files (CDF) files, where the mconvert() function did
not correctly compute the truncated pascal string size (CVE-2014-3478).

Multiple flaws were found in the way file parsed property information
from Composite Document Files (CDF) files, due to insufficient boundary
checks on buffers (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480,
CVE-2014-3487).

PHP contains a bundled copy of the file utility's libmagic library,
so it was vulnerable to this issue. It has been updated to versions
5.5.14, which fix this issue and several other bugs.

The phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type
Confusion issue that can cause it to leak arbitrary process memory
(CVE-2014-4721).

Additionally, php-apc has been rebuilt against the updated php
packages and the php-timezonedb packages has been upgraded to the
2014.5 version.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721
http://www.php.net/ChangeLog-5.php#5.5.14
http://advisories.mageia.org/MGASA-2014-0284.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
d750f3a4dd445dfff5d48c2cd335f5ee mbs1/x86_64/apache-mod_php-5.5.14-1.mbs1.x86_64.rpm
bd6c38473df5579c601717197e0b3871 mbs1/x86_64/lib64php5_common5-5.5.14-1.mbs1.x86_64.rpm
438c5c236dd05aaf8f7df1aef41402f3 mbs1/x86_64/php-apc-3.1.15-1.8.mbs1.x86_64.rpm
a52f3e744008e04d0136b8ecacee951e mbs1/x86_64/php-apc-admin-3.1.15-1.8.mbs1.x86_64.rpm
0f8c84efaeb06e7db89942525195da9b mbs1/x86_64/php-bcmath-5.5.14-1.mbs1.x86_64.rpm
b0199c32c7bee5c4b17919db7d84190f mbs1/x86_64/php-bz2-5.5.14-1.mbs1.x86_64.rpm
9bd5ffbaf938d31fd5f9de5ed69d31f2 mbs1/x86_64/php-calendar-5.5.14-1.mbs1.x86_64.rpm
c08143e0bcfac5d80136114d43157f31 mbs1/x86_64/php-cgi-5.5.14-1.mbs1.x86_64.rpm
8e6d23960410e1232e6810d5b3c9175e mbs1/x86_64/php-cli-5.5.14-1.mbs1.x86_64.rpm
3489e684a75c2025b795ef8812f9a6b3 mbs1/x86_64/php-ctype-5.5.14-1.mbs1.x86_64.rpm
6258c812ae9dd1ed984d707ef702e5a5 mbs1/x86_64/php-curl-5.5.14-1.mbs1.x86_64.rpm
34d78b00a2c29b01afd140f7e9af7ade mbs1/x86_64/php-dba-5.5.14-1.mbs1.x86_64.rpm
f5291102bb3825e22f7b48e750a8fc39 mbs1/x86_64/php-devel-5.5.14-1.mbs1.x86_64.rpm
26bb707cceccc837d09e1e910f9ff2d8 mbs1/x86_64/php-doc-5.5.14-1.mbs1.noarch.rpm
25136ba7b5fa05754b785aadb646dad4 mbs1/x86_64/php-dom-5.5.14-1.mbs1.x86_64.rpm
4883b77f434fb92f66b5c9d25d1bb75f mbs1/x86_64/php-enchant-5.5.14-1.mbs1.x86_64.rpm
d6344ab3bbf9bcc1acc6c88cc4a23203 mbs1/x86_64/php-exif-5.5.14-1.mbs1.x86_64.rpm
f2c02261ca1827f8c1277e1f9010a34c mbs1/x86_64/php-fileinfo-5.5.14-1.mbs1.x86_64.rpm
d61863b92ae06460d19a1927986fda23 mbs1/x86_64/php-filter-5.5.14-1.mbs1.x86_64.rpm
f7b5b349884f7f733270f76bae3adb3d mbs1/x86_64/php-fpm-5.5.14-1.mbs1.x86_64.rpm
6a5922f4ce756fb7beb4f1547d940003 mbs1/x86_64/php-ftp-5.5.14-1.mbs1.x86_64.rpm
59ea194bdd3fd658e4cae8991abf8a22 mbs1/x86_64/php-gd-5.5.14-1.mbs1.x86_64.rpm
75a19794726b72db481fdfcbdf85a389 mbs1/x86_64/php-gettext-5.5.14-1.mbs1.x86_64.rpm
9000903f2268d2abebc2c968c8a3fe94 mbs1/x86_64/php-gmp-5.5.14-1.mbs1.x86_64.rpm
d1b21d9cb29de195df99e26e165dd888 mbs1/x86_64/php-hash-5.5.14-1.mbs1.x86_64.rpm
c3bce91b1e2399f0294d30c7cc8c348b mbs1/x86_64/php-iconv-5.5.14-1.mbs1.x86_64.rpm
aefdb8dc9393e62379d9ef7ba7a61754 mbs1/x86_64/php-imap-5.5.14-1.mbs1.x86_64.rpm
7fc0430ee471f866ccbc4b7182644fcd mbs1/x86_64/php-ini-5.5.14-1.mbs1.x86_64.rpm
efbab2d1304ec348e50ef54173cb21af mbs1/x86_64/php-intl-5.5.14-1.mbs1.x86_64.rpm
8ec9d6719adb5c4b52232eae273c424d mbs1/x86_64/php-json-5.5.14-1.mbs1.x86_64.rpm
c669eb5a0a166f79f2974501c74b825d mbs1/x86_64/php-ldap-5.5.14-1.mbs1.x86_64.rpm
d731c3140fc17387b03509675c64f8d6 mbs1/x86_64/php-mbstring-5.5.14-1.mbs1.x86_64.rpm
bd3bdddd6d15d51b43af92b2d77c2d1e mbs1/x86_64/php-mcrypt-5.5.14-1.mbs1.x86_64.rpm
05a9d03e68a7538b279f7a1b775fb78f mbs1/x86_64/php-mssql-5.5.14-1.mbs1.x86_64.rpm
9fc1b49a1356e02944985baae0fbdf82 mbs1/x86_64/php-mysql-5.5.14-1.mbs1.x86_64.rpm
df58c5d755b84a84797343e6e2644da6 mbs1/x86_64/php-mysqli-5.5.14-1.mbs1.x86_64.rpm
f510fbd63f4e1f6bbacef83d80c1f02c mbs1/x86_64/php-mysqlnd-5.5.14-1.mbs1.x86_64.rpm
454575e0713f5ec8d9438aac6fdefbae mbs1/x86_64/php-odbc-5.5.14-1.mbs1.x86_64.rpm
aa908adcb75e0784e631a9c8163aa894 mbs1/x86_64/php-opcache-5.5.14-1.mbs1.x86_64.rpm
204eb99a6af84b86bfd62d37f7613671 mbs1/x86_64/php-openssl-5.5.14-1.mbs1.x86_64.rpm
384be6b92e3664f1286923c940a0c062 mbs1/x86_64/php-pcntl-5.5.14-1.mbs1.x86_64.rpm
9c01c1dd40cd979b7148bde98e06ce41 mbs1/x86_64/php-pdo-5.5.14-1.mbs1.x86_64.rpm
e1b9beede3435186533c4b1d9fabb098 mbs1/x86_64/php-pdo_dblib-5.5.14-1.mbs1.x86_64.rpm
19ef3e72992d4b3e7c42045b23ecc826 mbs1/x86_64/php-pdo_mysql-5.5.14-1.mbs1.x86_64.rpm
29337cc01f7bad7d6deb1a34f2b46d2b mbs1/x86_64/php-pdo_odbc-5.5.14-1.mbs1.x86_64.rpm
418855d92dcfd0b2ba968971ddc7f959 mbs1/x86_64/php-pdo_pgsql-5.5.14-1.mbs1.x86_64.rpm
7ac2ec094e86e7b663cd5db5de33f6c9 mbs1/x86_64/php-pdo_sqlite-5.5.14-1.mbs1.x86_64.rpm
b31dd5a24d9e9ed9e710034b51b2aaf5 mbs1/x86_64/php-pgsql-5.5.14-1.mbs1.x86_64.rpm
38e0f890a62ac31f553e1cf71e3ed4f6 mbs1/x86_64/php-phar-5.5.14-1.mbs1.x86_64.rpm
ea61eec1783b3ecc2aabaa073781d2c5 mbs1/x86_64/php-posix-5.5.14-1.mbs1.x86_64.rpm
c074e154df76d47e8474b2b181c810d2 mbs1/x86_64/php-readline-5.5.14-1.mbs1.x86_64.rpm
34059ca8e564d6fba8ddb9b13816b4f0 mbs1/x86_64/php-recode-5.5.14-1.mbs1.x86_64.rpm
5b22a942a47f9572baa7f4dbac426179 mbs1/x86_64/php-session-5.5.14-1.mbs1.x86_64.rpm
3c29ec2e950740f836a010aa7140e385 mbs1/x86_64/php-shmop-5.5.14-1.mbs1.x86_64.rpm
44661960b2972161a27fd60f44f6a3a6 mbs1/x86_64/php-snmp-5.5.14-1.mbs1.x86_64.rpm
80a972ae51d5e3f9dbc48e688b56c49a mbs1/x86_64/php-soap-5.5.14-1.mbs1.x86_64.rpm
04a34ac96ea1bc8690e16a185b06c8c5 mbs1/x86_64/php-sockets-5.5.14-1.mbs1.x86_64.rpm
f5c01919ebd495a9bba529312ef6150d mbs1/x86_64/php-sqlite3-5.5.14-1.mbs1.x86_64.rpm
bf23ff3ca37a590ea171523f00808629 mbs1/x86_64/php-sybase_ct-5.5.14-1.mbs1.x86_64.rpm
2ebd5df6114b163da35d4ccc76d9f637 mbs1/x86_64/php-sysvmsg-5.5.14-1.mbs1.x86_64.rpm
e4d94b4e8211b0d0e9c4aa5e39b60733 mbs1/x86_64/php-sysvsem-5.5.14-1.mbs1.x86_64.rpm
fe4b07b96f8a70da15d54caba9d659f4 mbs1/x86_64/php-sysvshm-5.5.14-1.mbs1.x86_64.rpm
ca8eb25cffa9574e83328dcc2e8e1eeb mbs1/x86_64/php-tidy-5.5.14-1.mbs1.x86_64.rpm
316e394027c266537924232f436075a6 mbs1/x86_64/php-timezonedb-2014.5-1.mbs1.x86_64.rpm
c9686b9ac17c643aafba60698dc69527 mbs1/x86_64/php-tokenizer-5.5.14-1.mbs1.x86_64.rpm
abb31c2cc4b8dd2afc098e20d5c2e38e mbs1/x86_64/php-wddx-5.5.14-1.mbs1.x86_64.rpm
423b83dc99cb338845198e98b8900bdf mbs1/x86_64/php-xml-5.5.14-1.mbs1.x86_64.rpm
3066b5b1bc337fb578fcf975a8bf7601 mbs1/x86_64/php-xmlreader-5.5.14-1.mbs1.x86_64.rpm
479948b9c9dd16fc01d974aa72eba3d3 mbs1/x86_64/php-xmlrpc-5.5.14-1.mbs1.x86_64.rpm
92a0c3926501e5e18cd60dc264603100 mbs1/x86_64/php-xmlwriter-5.5.14-1.mbs1.x86_64.rpm
2acde2f8f5f2061f71ecdf5bab85e0ec mbs1/x86_64/php-xsl-5.5.14-1.mbs1.x86_64.rpm
f2a5ce6dc32e017f21ad745a7179fa43 mbs1/x86_64/php-zip-5.5.14-1.mbs1.x86_64.rpm
386f79ebfcfbcd1448609143b3401dd8 mbs1/x86_64/php-zlib-5.5.14-1.mbs1.x86_64.rpm
7dc3ab0433d95a8a5a315d00e83269c5 mbs1/SRPMS/php-5.5.14-1.mbs1.src.rpm
9f9d447b3b77be38f5cd1196891eb3eb mbs1/SRPMS/php-apc-3.1.15-1.8.mbs1.src.rpm
1ae42e12e9399b837472724ee456affe mbs1/SRPMS/php-timezonedb-2014.5-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTvPwWmqjQ0CJFipgRAoMwAJ9Z6gNAFZyirDovMCrxLSHBh2+FRgCgtMFF
/pEs0ohIXDtwzVKnZAsyPFU=
=x64F
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close